{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-44959", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T05:34:56.666Z", "datePublished": "2024-09-04T18:35:57.464Z", "dateUpdated": "2026-05-23T15:53:14.532Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:53:14.532Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G N 6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS: 00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>] ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>] ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>] 0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>] \n[<...>] [] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>] [] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>] [] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>] [] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>] [] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>] [] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>] [] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>] [] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>] [] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>] [] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>] [] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>] [] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>] [] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>] [] ? do_one_tre\n---truncated---" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/tracefs/inode.c", "fs/tracefs/internal.h" ], "versions": [ { "version": "5f91fc82794d4a6e41cdcd02d00baa377d94ca78", "lessThan": "726f4c241e17be75a9cf6870d80cd7479dc89e8f", "status": "affected", "versionType": "git" }, { "version": "baa23a8d4360d981a49913841a726edede5cdd54", "lessThan": "061da60716ce0cde99f62f31937b81e1c03acef6", "status": "affected", "versionType": "git" }, { "version": "baa23a8d4360d981a49913841a726edede5cdd54", "lessThan": "0b6743bd60a56a701070b89fb80c327a44b7b3e2", "status": "affected", "versionType": "git" }, { "version": "414fb08628143203d29ccd0264b5a83fb9523c03", "status": "affected", "versionType": "git" }, { "version": "6.6.31", "lessThan": "6.6.46", "status": "affected", "versionType": "semver" }, { "version": "6.8.10", "lessThan": "6.9", "status": "affected", "versionType": "semver" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/tracefs/inode.c", "fs/tracefs/internal.h" ], "versions": [ { "version": "6.9", "status": "affected" }, { "version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.46", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.10.5", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.31", "versionEndExcluding": "6.6.46" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.10.5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.11" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.10" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f" }, { "url": "https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6" }, { "url": "https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2" } ], "title": "tracefs: Use generic inode RCU for synchronizing freeing", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2024-44959", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "version": "2.0.3", "timestamp": "2024-09-10T17:39:53.968694Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:36.099Z" } } ] } }